/// <summary>
/// Handles the OAuth resource owner password credentials grant: checks the
/// submitted user name and password and, on success, validates the request
/// with an authentication ticket carrying the user's name and role claims.
/// </summary>
/// <param name="context">
/// Grant context supplying <c>UserName</c>, <c>Password</c> and <c>Options</c>;
/// the outcome is reported through <c>SetError</c> or <c>Validated</c>.
/// </param>
/// <returns>
/// An already-completed task. Success or failure is communicated through
/// <paramref name="context"/>, not through the task result.
/// </returns>
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // Every exit path hands back the same kind of completed, result-less task.
    Task completed = Task.FromResult<object>(null);

    // Reject requests that omit either credential before touching the user store.
    if (string.IsNullOrEmpty(context.UserName))
    {
        context.SetError("invalid_username", "username is not valid");
        return completed;
    }

    if (string.IsNullOrEmpty(context.Password))
    {
        context.SetError("invalid_password", "password is not valid");
        return completed;
    }

    // NOTE(review): the clear-text password is handed to _userServer.GetUser; how it is
    // verified (salted hash, constant-time comparison) and whether failed attempts are
    // throttled or locked out is not visible from this method - confirm in the user service.
    UserEntity account = _userServer.GetUser(context.UserName, context.Password);
    if (account == null)
    {
        // The description text means "user name or password is incorrect"; one message
        // covers both cases, so the response does not say which of the two was wrong.
        // NOTE(review): "error_description" is sent as the error *code*. RFC 6749 section 5.2
        // defines "invalid_grant" for bad resource owner credentials; changing the code is
        // client-visible, so coordinate with consumers before correcting it.
        context.SetError("error_description", "用户名或密码不正确.");
        return completed;
    }

    // NOTE(review): the looked-up account is only null-checked. Every caller that
    // authenticates receives both the "Iphone_Read" and the "Admin" role below, whatever
    // the account actually is. Roles should come from the user record so that a valid
    // login does not imply administrative rights.
    var claimsIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
    claimsIdentity.AddClaims(new[]
    {
        new Claim(ClaimTypes.Name, context.UserName),
        new Claim(ClaimTypes.Role, "Iphone_Read"),
        new Claim(ClaimTypes.Role, "Admin")
    });

    // The same two role names are also stored, space-separated, under "oauth:scope".
    string scope = "Iphone_Read Admin";
    var scopeEntries = new Dictionary<string, string>();
    scopeEntries.Add("oauth:scope", scope);
    var properties = new AuthenticationProperties(scopeEntries);

    // Validate with a full ticket (identity plus properties) so the scope entry is kept.
    context.Validated(new AuthenticationTicket(claimsIdentity, properties));
    return completed;
}